Mend.io Previous Solutions
When we bought Mend (formerly WhiteSource), we did a POC of several competing products. We compared Mend (formerly WhiteSource), Black Duck, and a few other solutions that weren't nearly as good as those two products. Those two are the main competitors in this space. We felt Mend (formerly WhiteSource) was easier to use and we also felt that Black Duck found a few issues that Mend (formerly WhiteSource) wouldn't. Overall, it was much harder to use and we found more false positives in Black Duck. Mend (formerly WhiteSource) is more accurate and it also is easier to use. The status reporting in it is really solid. Particularly, there's some legal guidance here in terms of what licenses we can use and what we can't and Mend (formerly WhiteSource) is really good at finding license types we don't want.
JP
reviewer1928817
Sr. Manager at a financial services firm with 10,001+ employees
We had other solutions, like SAST scanning and Black Duck, but nothing offered this level of detail. The previous solutions were reactive and required a lot of manual work, whereas Mend proactively identifies vulnerabilities. The code is scanned immediately once it goes into the repository.
Mend has the ability to control the release using the same data going into production or our test environments. That is what sets it apart from other tools. Other tools are emerging with similar capabilities, but when we picked it, it was one of the only tools that had the features we need.
We did not previously use any different solution prior to Mend.
We did look at other solutions. There was Veracode that we tried and Tenable. There was Qualys as well. However, we chose Mend, and we have had a license for three years right now.
Buyer's Guide
Mend.io
April 2024
Learn what your peers think about Mend.io. Get advice and tips from experienced pros sharing their opinions. Updated: April 2024.
768,740 professionals have used our research since 2012.
Before Mend.io, we had a manual process. That means we were tracking all the licensees and copyrights manually. We also tried using an open-source tool to detect vulnerabilities and fix them, but it did not work very well. It was consuming a lot of time on my team.
We use trials of many solutions, such as Snyk and Sonatype.
This solution is the first of its kind for us.
As part of our security certification 27001, we looked at going to ISO 27017, and that had a few more constraints around software security analysis, mainly the secure development life cycle. We recognized that it was high time. That was the first catalyst, and then we went through an inspection of various products on the market, and that's what led us to WhiteSource. The fact that Microsoft is a big investor and speaks highly of them made a difference.
I use multiple solutions, such as Snyk, Black Duck, and Sonatype.
KW
Kieran Whelan
Principal Security Engineer at Texthelp Ltd.
The company used Snyk before I was there. I think they switched for budgeting reasons.
SM
Sonal Moon
Product Security Architect at Pitney Bowes Inc.
I did not use any other solution previously.
GP
reviewer1915362
IT Service Manager at a wholesaler/distributor with 51-200 employees
We did not use any other solution.
I have previously used other solutions, such as OWASP Dependency-Check, Snyk open-source, and Checkmarx.
We did not use another solution prior to this one.
Prior to this solution, we used Black Duck. As of two years ago, when we made the switch, WhiteSource's UI was more modern, the SaaS solution more scalable, and the integration capabilities far superior. The detection accuracy between the two was quite similar.
DH
Daniel Hall
Technical Architect at Dwr Cymru Welsh Water
For this use case, we did not use another solution prior to this one.
AM
Alon Michaeli
Founder & CEO at DealHub.io
We were using editors or Wiki to keep that information, but obviously it was not updated.
We did not use anything before WhiteSource.
We didn't use anything before, only manually.
NK
reviewer1268112
DevOps CI/CD Team Lead at a computer software company with 10,001+ employees
This is my first open-source scanning solution.
We were using an in-house solution based on some Maven plugins. The process was not fully-automated. We were looking for a fully-automated solution.